This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
After entering a wrong username (domain joined) to a Windows 10 Client, the 'Welcome'-screen will be shown for round about 3-4 minutes until the error message 'The user name or password is incorrect'.
Does anybody know, if this long delay is a default behaviour of Windows 10? I am not exactly sure, but I think Windows 7 didn't take that long to verify username.
During my troubleshooting, I noticed that the client is contacting each domain controller in our domain over LDAP (lsass.exe) and this will take a long time.
In our enviroment, we have round about 22 Domain Controller.
Is there any possibility to speed up the "username" checking and maybe we can restrict the client to check the username only to a few domain controller (nearest 3 dcs)?
If this behaviour is default, may someone can give me a note where I read the default process - because I have to provide a solution/answer to our users.
Thanks a lot.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
You may try enable the cache account.
In the Group Policy navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options and there is a policy called Interactive logon: Number of previous logons to cache (in case domain controller is not available) and this could speed up login.
Hello @ErazerMe
I would suggest you to have a look on below Microsoft blog explaining the same.
https://devblogs.microsoft.com/oldnewthing/20100323-00/?p=14513
If the reply was helpful, please don’t forget to upvote or accept as answer.
Thanks,
Thanks for your post.
I know the general process of checking the correctness of user/password: 1. locally, 2. Domain Controller
My main question is, why is the client contact each Domain-Controller in the domain for checking the username? Is this a default behaviour or do we have a problem within our enviroment?
Normally, when a Clients receives "wrong username/password" from one DC, then I would accept if the Client goes to the KDC and ask the KDC-Domain Controller for cross-checking. But why is the client contacting ALL Domain-Controllers?